Hundreds Targeted in New Atomic macOS Stealer Campaign

Posted on By CWS

CrowdStrike warns of a spike in assaults aimed toward infecting macOS customers with a variant of the notorious Atomic macOS Stealer (AMOS) data stealer.

Between June and August, the cybercrime group Cookie Spider, which operates the AMOS malware-as-a-service (MaaS) enterprise, used malvertising to direct victims to fraudulent assist web sites and trick them into putting in the malware.

The marketing campaign, CrowdStrike says, focused customers who have been trying to find options to frequent macOS points, and relied on selling fraudulent commercials for web sites the place victims have been instructed to execute a malicious command on their techniques.

The command would fetch a Bash script from a distant server, to seize the sufferer’s password and obtain an executable from one other distant location.

Dubbed SHAMOS, the payload is a variant of AMOS that accommodates anti-VM checks to forestall execution in a sandboxed setting, and which might carry out reconnaissance and information assortment duties.

The malware searches the system for recordsdata that comprise credentials, information from Keychain, AppleNotes, browsers, and identified cryptocurrency wallets, and makes an attempt to exfiltrate them to a distant server, packed in a ZIP archive.

Moreover, SHAMOS can obtain and execute payloads, together with a botnet module and a faux Ledger Reside pockets software.

The malvertising marketing campaign focused customers in Canada, China, Colombia, Italy, Japan, Mexico, the US, the UK, and different international locations, however was not served to Russian customers.Commercial. Scroll to proceed studying.

CrowdStrike’s investigation revealed that the cybercriminals probably impersonated a reliable Australia-based electronics retailer of their Google Promoting profile.

“This marketing campaign underscores the recognition of malicious one-line set up instructions amongst eCrime actors. This method permits them to bypass Gatekeeper safety checks and set up the Mach-O executable immediately onto sufferer gadgets,” CrowdStrike notes.

Associated: Homebrew macOS Customers Focused With Info Stealer Malware

Associated: Excessive-Worth NPM Builders Compromised in New Phishing Marketing campaign

Associated: North Korean Hackers Goal macOS Customers

Associated: Digium Telephones Focused in Cybercrime Marketing campaign Geared toward VoIP Methods

Security Week News Tags:, , , , ,

Related Posts

Critical Nvidia Toolkit Flaw Exposes AI Cloud Services to Hacking Security Week News
Webinar Today: Why Context is a Secret Weapon in Application Security Posture Management Security Week News
Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack Security Week News
Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation Security Week News
Akira Ransomware Group Made $244 Million in Ransom Proceeds Security Week News
Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm Security Week News